Next Topic

Previous Topic

Book Contents

Active Directory monitor

Monitor description

The Active Directory monitor is capable of monitoring several key aspects of an Active Directory server, including replication latency, domain controller time variance and verification of Kerberos authentication.

  • System type: Windows
  • Category: Directory service

Monitor prerequisites

  1. The object address must be the name of the active directory domain, for example mydomain.local.
  2. The logon account must be a domain user.

Active directory monitor

Monitor specific properties

  • Logon account - The logon account contains the credentials to use when testing the active directory server. The account must be a domain user or the test fails.
  • Kerberos authentication - If checked, tests if the Active Directory can perform a Kerberos authentication successfully. Any authentication error is written to the error report, and an alarm is raised.
  • Global catalog - If checked, tests if the Global Catalog Domain Controller is found. Any error is written to the error report, and an alarm is raised.
  • DC:s published in DNS - If checked, tests if the Domain Controller's service DNS SRV records are found in the DNS ("_ldap._tcp.DOMAIN.", "_kerberos._tcp.DOMAIN.", "_ldap. _tcp.dc._msdcs.DOMAIN.", "_kerberos._tcp.dc._msdcs.DOMAIN.", "_ldap._tcp.Default-First-Site._sites.DOMAIN.", etc.)
  • Replication - If checked, tests if the last replication attempt was successful.
  • Max DC time variance - Measure the time variance in seconds between domain controllers. If the time difference between the domain controllers are above this value the test fails.

LDAP query option

An optional LDAP query statement can be executed and its output compared to a predefined value using a compare operation.

  • LDAP query - LDAP query to perform.
  • Compare value - Value to compare query result with.
  • Value type - Type of value that is compared with the retrieved value from the database.
  • Operation - Operation to evaluate the returned query result and the compare value to determine if the test succeeded or failed.